Security Architect (Data)

About The Position

Requirements

• 10+ years in networking, infrastructure, and security architecture.
• Deep hands-on expertise with: Cisco Nexus (9K, NX-OS, EVPN, VXLAN) Nokia service routing and IP/MPLS Ciena optical and transport networking
• Proven experience designing and securing: Utility WANs AMI backhaul and aggregation networks Multi-site, high-availability architectures
• Demonstrated experience in energy utility environments.
• Strong understanding of: AMI architectures and data flows DER integration risks IT/OT separation principles
• Experience performing: Cybersecurity architecture reviews Risk assessments for grid-connected systems

Nice To Haves

• Experience with: Grid modernization initiatives DERMS platforms Cloud-hosted AMI or analytics systems
• Certifications (preferred, not required): CISSP, CCSP, GIAC CCNP / CCIE Nokia certifications

Responsibilities

• Define and maintain the enterprise security architecture for: Utility data centers Private utility WANs AMI head-end and meter data management systems (MDMS) DER and grid-edge integration platforms
• Establish architectural standards that enforce: IT/OT separation Secure utility demarcation points Controlled ingress/egress between enterprise, AMI, and operational zones
• Lead security architecture reviews for: AMI networks (RF mesh, cellular, fiber-backed aggregation) AMI head-end systems and MDMS platforms DER integrations (solar, storage, EV charging, microgrids)
• Ensure secure integration of: Third-party DER aggregators Cloud-hosted AMI and analytics platforms
• Define security controls to mitigate: Lateral movement from AMI into enterprise or OT systems Unauthorized DER command and control Supply-chain and vendor access risks
• Provide hands-on architectural leadership for: Datacenter switching and routing Utility private WAN and carrier connectivity Inter-data-center and regional transport networks
• Design and review architecture leveraging: Cisco Nexus (NX-OS, EVPN, VXLAN, ACI) Nokia (SR OS, IP/MPLS, Service Routers) Ciena (optical transport, DCI, coherent optics)
• Embed security into: BGP, OSPF, IS-IS, MPLS, EVPN AMI backhaul and aggregation networks Utility-owned and leased transport circuits
• Conduct formal cybersecurity architecture reviews for: AMI expansions DER onboarding initiatives New private and cloud connectivity
• Perform: Threat modeling specific to utility attack scenarios Attack-path and lateral movement analysis Control effectiveness assessments
• Identify architectural risks related to: Improper zone termination Inadequate segmentation Over-trust of vendor-managed systems
• Provide risk-based remediation guided by operational realities.
• Define segmentation strategies aligned to utility environments: Enterprise IT AMI / Grid Edge OT / Control Systems
• Ensure security architectures support: Zero Trust principles where applicable Strong identity, authentication, and authorization
• Define monitoring and visibility requirements for: AMI traffic DER command-and-control paths Inter-zone communications
• Ensure integration with: SIEM Network Detection & Response (NDR) Flow telemetry (NetFlow, IPFIX)
• Support compliance and audit activities related to: Utility cybersecurity regulations and standards Internal and external security assessments
• Act as a technical liaison between: IT security OT engineering Grid operations Regulatory and compliance teams
• Serve as the senior technical authority for cybersecurity architecture
• Mentor senior architects and engineers across IT, OT, and network domains.
• Influence technology strategy while remaining hands-on and technically credible.

Benefits

• Health, dental, and vision coverage
• Life insurance
• 401 (k) w/company match 100% up to 3% and an additional 50% match of 2%
• Paid time off
• 11 Paid Holidays